Remote Connectivity to XV, XP and Epro Units Running Visual Designer

Technical Data AP04803010E Effective August 2011 Remote Connectivity to XV, XP and ePro units running Visual Designer

Intro Blackberry® (non-Windows) devices, to connect to the remote desktop server of the XV unit over a Remote connectivity is one of the major features WiFi network. of Visual Designer® and our new operator interface hardware platforms running that software. The 1. The Remote (desktop) Client can be ability to monitor, troubleshoot, edit and adminis- downloaded from Eaton’s Website under OI ® ter Eaton XV, XP, and ePro PS systems remotely Documentation/Software Downloads at: over a plant network or over the Internet can save http://www.eaton.com/Electrical/USA/ customers time and money through reduced sup- ProductsandServices/AutomationandControl/ port and maintenance and improve overall machine OperatorInterface/XVXP/index.htm effectiveness by reducing downtime and improving quality. This paper describes the various hardware This file can be copied to a PC and run platforms and how each addresses remote access without going through an install process. It is and management. a true remote desktop client (like VNC or UltraVNC on a standard PC) allowing full While remote connectivity is usually thought of as remote control of the unit. This connects to the ability to view and take action from a user’s the remote desktop server running on the XV PC an equally important aspect is the ability of the unit. Only one remote desktop connection can machine to reach out and programmatically con- be supported at the same time. tact key individuals when a problem is developing prior to serious downtime or quality issues. Visual 2. The user can connect using a thin client Designer can easily be configured on these OI interface to the web server running on the XV platforms to monitor process and quality problems by opening up Internet Explorer® and browsing and even system health and sent out emails or to the XV’s IP address followed by a forward text message alerts to local or remote personnel slash and the name of the startup page. For to prevent problems from occurring. example, if the XV’s IP address is 192.168.1.20 and the startup page was named Main, then the URL to open would be: XV Family http://192.168.1.20/Main.html There are five ways to monitor and administer the No special software is required to be installed XV unit remotely over the Internet. These can be prior to connecting to the unit, but the first demonstrated locally by connecting a PC to the XV time the user connects they will be asked to with a crossover cable or through a hub/switch/ accept a download of an ActiveX control that router. Replicating this over the Internet is depen- automatically installs allowing Internet Explorer dent on the user setting up secure remote access to display the application pages. The XV unit is through their corporate or local firewall. licensed from the factory for one web client There are four processes that automatically start session, meaning only one web client can on the XV unit from the Autoexec.bat file which be connected at one time. Field upgrades support the five remote connections. The first is can be purchased that will allow up to 8 the remote desktop server (CERemoteSvr.exe), simultaneous web client connections. the second is the FTP server (FtpSvr.exe), the third 3. The user can connect to the FTP server by is the web server (HttpdStart.exe) and the fourth opening Windows® Explorer on their PC and is the Visual Designer remote agent (CEServer. typing in ftp://ipaddress where ipaddress is exe). A fifth process, VNC Gateway is remarked the IP address of the XV unit. You can use out in the Autoexec.bat file of the XV unit but the this to copy and paste files to and from file can be edited to launch this service as well. the XV unit. Multiple simultaneous FTP This allows VNC clients connections, available on connections are possible. devices such as the iPhone®, iPad®, Android™ and 4. Visual Designer development software can connect to the XV remote agent for: a. Uploading the project b. Downloading or updating the project and/or runtime software c. Downloading or updating the runtime software d. Updating the runtime license to add tags or thin client connections. This is done by clicking on the Connect icon in the Remote Management group of the Home tab of the ribbon then typing in the IP address Technical Data AP04803010E Remote Connectivity to XV, XP and Effective August 2011 ePro units running Visual Designer

of the unit and clicking the connect button. The developer can Application Security and Internet / Firewall then pick the desired function from the four tabs in the Remote Management window. Security Considerations 5. The user can connect using a SMA (Studio Mobile Access) The security system in Visual Designer is fully implemented for thin client interface from a Smart Phone, Blackberry, PDA, web thin client connections. The application developer can prevent iPhone/iPad, or other smart wi-fi or Internet enabled device. remote changes to process settings and control for all web thin Studio SMA uses Collaboration Data Objects (CDO) and Active client connections or rely on the user/password security settings Server Pages (ASP) to build the Web application pages for mobile to dictate control access as well as access to specific pages or browsers. The mobile browser does not need to support Java®, screens. ™ Flash , or any other advanced features because the pages are For all remote connections such as Web Thin Client, FTP, remote built entirely on the server-side and then sent to the browser as desktop, and remote editing, network security needs to be con- simple HTML. To connect through the SMA interface the user sidered when setting up Internet and Firewall connectivity. Proper must open a browser on the mobile device and use the following setup of network security is up to personnel familiar with the setup link: http://ipaddress/SMA/LogOn.asp of the network hardware to allow or prevent access to specific activi- In some cases the user may want to limit remote access to the XV ties through routers and firewalls. While specific Internet hardware unit. All that is needed is to upload the XV’s autoexec.bat file using settings and the user interface to configure them will be somewhat the FTP connection, then remark out the commands that start the different from vendor to vendor, the network configurator will need various remote servers automatically then copy the file back and to know what Ethernet ports are used by each of the remote con- perform a reboot. It is recommended to at least leave the Visual nections. For instance the Visual Designer web server utilizes ports Designer remote agent started automatically to facilitate stopping 80 (HTML) and 1234 (TCP/IP) for its functionality and the remote the Visual Designer project to gain access to the operating system agent that allows for the Visual Designer editor to remotely edit an from which the other servers can be manually started. Another way XP or XV unit uses port 4322. A complete list of potential port usage to do this would be to place an Exit function in the project with the is shown below: proper security setting to allow OS access for maintenance. Port # Program XP and ePro PS Families 20 FTP Server (Data) 21 FTP Server (Command) There are also five ways to monitor and administer the XP or ePro PS units remotely over the Internet. On these platforms the IIS 25 SMTP Server and FTP services are included in the OS build and automatically 80 Microsoft IIS Server for HTTP packets started to support web client and SMA connections through Internet Explorer and FTP connections through Windows Explorer much like 110 POP3 the XV units. One difference is that the FTP site for the XV is the 118 Microsoft SQL Server Services entire internal flash and external SD flash driver whereas the default FTP site for the XP is D:\Cfg and on the ePro D:\ . Also the FTP 161 SNMP directories both have the virtual name of Cfg so that in Windows 162 SNMP Trap Explorer the user types ftp://ipaddress/Cfg where ipaddress is the IP address of the XP or ePro PS unit. On both units the user can add 389 LDAP FTP virtual sites to gain remote file access to other folders through 443 Microsoft IIS Server for HTTPS packets (SSL) Control Panel > Admin Tools > Internet Information Services. 502 Modbus TCP/IP protocol The Visual Designer remote agent is automatically started on both XV and ePro PS through a shortcut in the All Programs/Startup 663 LDAP over SSL folder. The developer can then connect to the units from the Visual 1028 FTP Client (Command) Designer editor to upload/download/update the project. However, unlike the XV units, the runtime software cannot be updated from 1029 FTP Client (Data) the editor/remote agent connection nor can the Visual Designer 1234 Project TCP/IP Server license be updated. To update the runtime software version the user must follow the installation process from the unit much like 1443 Microsoft SQL Server they would do on a standard PC. Upgrading the runtime license is 1444 Microsoft SQL Server default port (Monitor) also accomplished locally using the Register utility from Start > All Programs > Eaton > Visual Designer Vx.y > Register. This will 1521 Oracle allow the user to update the tag count or increase the number of 1526 Oracle simultaneous thin client connections. On the XP and ePro the user 2030 Oracle can have a maximum of 256 simultaneous thin client connections. 3001 A-B Ethernet TCP/IP Protocol (default) To accomplish a remote desktop feature on these units it is recommended that a third party server called UltraVNC be installed. This is 3306 MySQL (can be configured to use 3306-3309) an open source, free download from the Internet that has been fully 3872 Oracle Management Remote Agent tested on the XP and ePro PS. It can be downloaded from the link www.UltraVNC.com then installed on the XP or ePro unit. During 3997 Studio ADO Gateway the installation the user will be able to create a unique password to 4322 Remote Agent (CEServer) prevent unwanted access. On the remote PC all that needs to be installed is the UltraVNC client component. Then from the PC the 5900 RealVNC/UltraVNC user can launch the UltraVNC client, provide the IP Address of the 5432 PostgreSQL unit they wish to connect to, and supply the password assigned to the remote unit. Some of the advanced features of UltraVNC include 47808 BACNet UDP Protocol (default) the ability to launch Task Manager, get to the Windows start menu, 51738 Remote Desktop Server (XV-102/152) start a chat session with the remote user, and manage file transfers from and to the remote unit, negating the need to use the FTP service.

2 eaton corporation www.eaton.com Remote Connectivity to XV, XP and Technical Data AP04803010E ePro units running Visual Designer Effective August 2011

There is a wealth of information available on the Internet for setting up firewalls and routers and there are many IT professionals who can assist in these efforts to insure network security. The following section provides some insight into the various ways of setting this up.

Thin Client Web Viewing using a Public IP Address This section describes those steps and issues to address to suc- cessfully implement thin client web viewing with Visual Designer and XV, XP and ePro PS touch panels using a public IP address. Only some key points are covered. Thin client web viewing has been verified using Microsoft Internet Explorer V8 on Windows XP and Windows 7. It will not work with the 64-bit version of Internet Explorer 9, however when IE9 is installed on a Windows 7, 64-bit machine, it automatically installs both the 32-bit and 64-bit versions, and the shortcut created during the install points to the 32 bit version that works. Thin Client web viewing is also not supported with non-Microsoft browsers such as Mozilla Firefox and Google Chrome. The internet router must be setup to port forward the following Figure 2 ports: • Port 80 (default HTML port) • Port 1234 (default TCP/IP port) Port forwarding is typically configured from the Firewall section (sometimes called applications and gaming) of popular routers such as Cisco seen in Figure 1. The ports must be forwarded to the local IP address of your Eaton OI panel, for example 192.168.1.7. The name property in the Custom Service Table shown in Figure 1 (in other routers this may be called Application field) can be any name you wish to use, but it is highly recommended to reference the unit to be forwarded to when the internal network will have more than one OI unit to remote to. Be sure to check that the port forwarding has been enabled, and save your settings.

Figure 3

Default port: Multiple reasons may necessitate changing the default port of both the web server (default 80) and the data server (1234) that the thin client uses within an application. These reasons may include but are not limited to: • Port 80 is blocked by some Internet service providers • Corporate policy requires specified port addresses for web servers • Multiple web serving Visual Designer applications need remote access and are on the same network Figure 1 Changing the default Webserver Port on XV In Figure 2 where Access Rules are configured you pick the IP To change the port modification on the boot sequence on XV units, address to forward to for each service configured in Figure 1. This the following is required: rule becomes part of the selected policy, shown in Figure 3, by add- • Download the zip-file: http://custom.microinnovation.com/431/ ing a rule and saving it. Note that each Router will configure some- XVWebServerChangePort.zip what differently but the same general terms and operations are supported by all modern routers. • Unzip, and edit the file changePort.reg. In changePort.reg the default HTTPD port is set to 8080 (on the command line byte 3 and 4 in hex numbers (1F90)): “SockAddr”=hex(3):02,00,1F,90,00,00,00,00,00,00,00,00,00,00,00,00 • To change to 8081 for example, change the file to reference the number 8081 in hex 1F91H: “SockAddr”=hex(3):02,00,1F,91,00,00,00,00,00,00,00,00,00,00,00,00 • These files should be placed in the proper boot location in either \ InternalStorage\ or \StorageCard\ depending on application setup.

eaton corporation www.eaton.com 3 Technical Data AP04803010E Remote Connectivity to XV, XP and Effective August 2011 ePro units running Visual Designer

Changing the default Webserver Port on XP and ePro PS Designer products with the Project Settings, Communication properties. The default port setting is 1234. Open up Administrative tools from the Control Panel and open Internet Information Services:

Figure 4

Click on the plus signs to find the Default Web Site and right-click on it to open properties. Figure 6

IMPORTANT! The Secondary Data Server IP address must be set to the public IP address of your web server. To configure the secondary data server, click on the Thin Client icon in the Web group of the Project tab:

Next, click the “Advanced” button:

Figure 5

Change the TCP Port to the designated port address (in this example 8080) then click” Apply”, then “OK” and complete a protect mode save. NNote If you set the port to something other than 80, you will need to add “:8080” to the IP address URL when using Internet Explorer to view the unit as a thin client. Eg. http://x.x.x.x:8080/startup.html

Changing the default Data Server Port on all Visual Designer Projects Just like the web server it may also be necessary to change the data server (TCP/IP) port of the application. This can be done for all Visual

4 eaton corporation www.eaton.com Remote Connectivity to XV, XP and Technical Data AP04803010E ePro units running Visual Designer Effective August 2011

In the Advanced dialog enter the Secondary Data Server IP Address. No entries required in WINS tab: This is the public IP address for your web server.

Once you have configured the Thin Client setting in Visual Designer, you must re-publish all your HTML screen files and download them to the panel.

NNote Internet sites such as whatismyip.com or ipmonkey.com will identify your public IP address. NNote The IP address of your gateway (router) needs to be set in the IP tab and DNS tab of your XV, XP or ePro PS panel’s Network properties. Examples below show the setup for an XV panel (XP and ePro units configuration is the same as a normal Windows XP PC): Open the target unit’s Control Panel then click on the Network icon and set the Gateway setting to the Router’s local IP address. Use the left right arrow buttons to increment/decrement the value in the selected field.

To view the Visual Designer project screens remotely using the web thin client, first launch MS Internet Explorer. Enter the public IP address followed by the startup screen name, for example: http://54.33.45.11/startup.html. If this is the first time you have attempting thin client viewing you will be prompted to install an ActiveX control. This will take a minute or so. After the ActiveX control is installed, you will be able to view the project screens in your web browser.

eaton corporation www.eaton.com 5 Technical Data AP04803010E Remote Connectivity to XV, XP and Effective August 2011 ePro units running Visual Designer

FTP and Remote Desktop Access using a To view the Visual Designer project folders remotely using FTP on an XV unit, first launch Windows Explorer. Enter the public IP address, Public IP Address for example: ftp://54.33.45.11. You will now be able to view, copy, The key points to setting up FTP (File Transfer Protocol) and Remote and paste to the folders on your XV panel drives from your PC. Desktop access using a public IP address is similar to those for thin On an XP or ePro PS unit you will have to make sure the Windows client viewing. You will need to port forward the following ports in Firewall is turned off in Control Panel of the unit, then add the Virtual your router for such access. Site “Cfg” to the end of the address in Windows Explorer on the The Internet router must be setup to port forward the following remote PC. For example: ftp://54.33.45.22/Cfg ports: Alternately, on an XP or ePro PS machine third party software such • Port 21 (for FTP access) as UltraVNC server can be installed which offers file transfer utili- ties that do not require you to turn off the Windows Firewall on the • Port 4322 for Remote Agent (CE Server) unit. UltraVNC however, uses a different port (5900 by default) which • Port 5900 for UltraVNC (XP-702) would also need to be opened in the Router’s firewall/port forwarding settings. • Port 51738 for Remote Server (XV-102/152 remote desktop agent)

Eaton Corporation Electrical Sector 1111 Superior Ave. Cleveland, OH 44114 United States 877-ETN-CARE (877-386-2273) Eaton.com

© 2011 Eaton Corporation Eaton and Visual Designer are registered All Rights Reserved trademarks of Eaton Corporation. Printed in USA Publication No. AP04803010E / TN All other trademarks are property of their August 2011 respective owners.